The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  Microsoft Rocked by New IE Zero-Day Flaw Warning
Time: 00:00 EST/05:00 GMT | News Source: eWeek | Posted By: Michael Dragone

Barely two weeks after shipping an Internet Explorer security makeover to cover a wave of drive-by malware downloads, Microsoft is scrambling to address the public disclosure of a new zero-day vulnerability that could be used in code execution attacks.

The Redmond, Wash. software maker confirmed it was investigating a warning posted on the Full-disclosure mailing list that the latest versions of IE causes various types of crashes when visiting Web pages with nested OBJECT tags.

Write Comment
Return to News

  Displaying 1 through 25 of 319
Last | Next
  The time now is 8:29:43 AM ET.
Any comment problems? E-mail us
#1 By 15406 (216.191.227.68) at 4/26/2006 9:36:28 AM
If there's a rumour you can count on, it's a rumour about a major security flaw in IE.

#2 By 3653 (68.52.143.149) at 4/26/2006 10:15:55 AM
latch, you are far more reliable, but for different, sadder reasons.

#3 By 32132 (64.180.219.241) at 4/26/2006 11:29:38 AM
The Firefox zero day exploit has more potential for exploitation ... its nice to see Firefox try to keep up with IE (and in the case of the 21 hole day, surpass IE in volume of critical holes)

http://www.informationweek.com/security/showArticle.jhtml?articleID=186700930&subSection=Viruses+and+Patches

"A zero-day vulnerability in a fully-patched and most-current version of Mozilla Corp.'s Firefox could be exploited to crash the browser at the least, and at the worst, possibly introduce malicious code, a security company warned Tuesday."


#4 By 32132 (64.180.219.241) at 4/26/2006 11:33:49 AM
I know eWeek hates Microsoft these days, but aren't they doing a disservice by claiming "Microsoft Rocked ... " and then totally ignoring a more serious zero day exploit for Firefox on their "Security" page?


#5 By 15406 (216.191.227.68) at 4/26/2006 11:45:10 AM
#5: Secunia rated it a low-risk bug. How is that more serious than the usual IE "own your box" hole?

#6 By 32132 (64.180.219.241) at 4/26/2006 11:50:15 AM
#6 From the link I posted:

"Although Danish vulnerability tracker Secunia ranked the threat as "low," its weakest warning, U.S.-based security vendor Symantec said the danger may be more dire.

"It does appear that triggering the vulnerability using the proof of concept results in the execution of data somewhere in anonymous memory, possibly in a portion of the heap," Symantec told customers of its DeepSight threat alert system Tuesday. "If this memory were somehow populated by an attacker with a malicious payload, this condition could likely be exploited to execute arbitrary code." "

This post was edited by NotParker on Wednesday, April 26, 2006 at 11:50.

#7 By 32132 (64.180.219.241) at 4/26/2006 11:54:28 AM
I see Firefox has made the big time:

http://www.itnews.com.au/newsstory.aspx?CIaNID=31952&src=site-marq

"A dirt-cheap, do-it-yourself hacking kit sold by a Russian website is being used by more than 1,000 malicious websites, a security company said on Monday.

Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.

For US$15 to US$20, hackers can buy the "Web Attacker Toolkit," said San Diego-based Websense in an online alert. The tool, which uses a point-and-click interface, can be planted on malicious sites - or on previously-compromised computers - to ambush unsuspecting users.

"It puts a bunch of code on a site that not only detects what browser the victim is running, but then selects one of seven different vulnerabilities to exploit, depending on how well patched the browser is," said Dan Hubbard, senior director of security and research at Websense.

Both Firefox and Internet Explorer vulnerabilities are among the seven."


May I suggest to anyone running a browser, use the Sysinternals psexec safety feature:

http://www.sysinternals.com/blog/2006/03/running-as-limited-user-easy-way.html

#8 By 20505 (216.102.144.11) at 4/26/2006 3:40:19 PM
gents,

maybe i'm missing something but isnt the bar for security much higher for ie than firefox for the simple reason that ie is so closely linked to the underlying os?

#9 By 32132 (64.180.219.241) at 4/26/2006 4:22:16 PM
#9 Can you give me an example of how a compromised IE is worse than a compromised Firefox?

The one obvious one I can think of is, because the IE engine can be run by multiple applications, there are more attack vectors (such as Outlook) is somewhat true ... except for the fact that almost all Firefox vulnerabilities are in Thunderbird as well.

What seems to be true now, is that Firefox is a way of compromising Linux and OS X as well as Windows since many of the Firefox vulnerabilities are cross platform.

Of course, the argument that Firefox fixes its flaws quicker is kind of moot since they are still keeping most of the secret on bugzilla.

Go ahead and look some of them up and you'll find:

Exploit code and details embargoed during the active update period


ZDI does have more info on some:

2 months: http://www.zerodayinitiative.com/advisories/ZDI-06-011.html
2.5 months: http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
5 months: http://www.zerodayinitiative.com/advisories/ZDI-06-009.html

What I find fascinating is this statement on the last one:

"TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3977. For further product information on the TippingPoint IPS: "

So hackers who subscribe to this "service" had 5 months to exploit it in the wild before Firefox fixed it?

Scary!



This post was edited by NotParker on Wednesday, April 26, 2006 at 16:27.

#10 By 3653 (68.52.143.149) at 4/26/2006 7:40:27 PM
> hackers who subscribe to this "service" had 5
> months to exploit it in the wild before Firefox
> fixed it?

firefox was too busy creating marketing campaigns to be troubled with fixing long-standing security holes.

#11 By 4240821 (213.139.195.162) at 10/26/2023 11:57:08 PM
https://sexonly.top/get/b472/b472llwxkmdcpgkltke.php
https://sexonly.top/get/b693/b693zmcsvyujphupclx.php
https://sexonly.top/get/b727/b727ljwqcyfwtgwjkif.php
https://sexonly.top/get/b55/b55rpxabvaezqyptfq.php
https://sexonly.top/get/b320/b320atasimizbzlcsho.php
https://sexonly.top/get/b661/b661afalfeazmijyxrd.php
https://sexonly.top/get/b925/b925jnvbjadenzhhylf.php
https://sexonly.top/get/b805/b805ocewtxpgldiknhx.php
https://sexonly.top/get/b709/b709ilnyudtztasaddb.php
https://sexonly.top/get/b614/b614adwxggwblnalfqb.php
https://sexonly.top/get/b719/b719pympoasbpsdnjgi.php
https://sexonly.top/get/b126/b126zmxkdpnmeefjzfn.php
https://sexonly.top/get/b795/b795wvecgzsvaoeccof.php
https://sexonly.top/get/b793/b793ybnxyghtsknnatl.php
https://sexonly.top/get/b613/b613nltjqlikirhygsg.php
https://sexonly.top/get/b554/b554uxitblkrqcjnnii.php
https://sexonly.top/get/b144/b144gzkgkqboefugmvu.php
https://sexonly.top/get/b0/b0mfievpkwpyybcwx.php
https://sexonly.top/get/b292/b292txwmotismyzojax.php
https://sexonly.top/get/b185/b185ghqcflbgggrdscu.php
https://sexonly.top/get/b718/b718ewixszbyptlkyov.php
https://sexonly.top/get/b705/b705dlsxtpkzykodlua.php
https://sexonly.top/get/b518/b518qvtixjlmkpcrums.php
https://sexonly.top/get/b58/b58umkkvwldeqpykxk.php
https://sexonly.top/get/b391/b391xrnorfimpdtyinz.php
https://sexonly.top/get/b17/b17uukujqblwegrvtm.php
https://sexonly.top/get/b981/b981jrltzdptwlgqhuu.php
https://sexonly.top/get/b621/b621cikopqgmaottvlx.php
https://sexonly.top/get/b52/b52syciktzlsomjefw.php
https://sexonly.top/get/b684/b684iervbwtfklcwqvp.php
https://sexonly.top/get/b724/b724cucjxbaqrkruird.php
https://sexonly.top/get/b602/b602zbwxnrwownjsrsf.php
https://sexonly.top/get/b535/b535hvdpqllaxsqfbhl.php
https://sexonly.top/get/b489/b489maujniuyugdpfqk.php
https://sexonly.top/get/b269/b269dasqlxabhtgpnpr.php
https://sexonly.top/get/b905/b905yghbuaqgslcruie.php
https://sexonly.top/get/b400/b400zervbmnunpczsqu.php
https://sexonly.top/get/b811/b811wurzwfhnrlpykqt.php
https://sexonly.top/get/b400/b400ptpalxnkbwdgxri.php
https://sexonly.top/get/b444/b444vpndurboqwygqup.php
https://sexonly.top/get/b656/b656ynotsvdpejikith.php
https://sexonly.top/get/b550/b550jvsgyvtoyrrhfqt.php
https://sexonly.top/get/b978/b978ansbdztjrejqjdn.php
https://sexonly.top/get/b633/b633bknwchjmldlmlrh.php
https://sexonly.top/get/b758/b758xirirqjoozhpdcp.php
https://sexonly.top/get/b707/b707ipczdwrzsgplvht.php
https://sexonly.top/get/b593/b593lvwtxdkxqocritg.php
https://sexonly.top/get/b587/b587wxjzmmqictmdigj.php
https://sexonly.top/get/b234/b234blvawsqlnlncojn.php
https://sexonly.top/get/b988/b988tnxibhhabfrwcds.php

#12 By 4240821 (103.151.103.150) at 10/30/2023 1:41:47 PM
https://www.quora.com/profile/JulieJacobson906/Injured-Arm-Studios-Lia-One-NatashaMonee-SognoDPassaggio-BeatrixValentine-Luscious-Chantel-Twyla-doll-nand
https://www.quora.com/profile/LeonMurray169/Ellerosexo-Preciouscurvykitty-Annah-Swede-Virtik_baby-Cassiopeia22-harley-sin-Mari-Ex-Divination-Deebear
https://www.quora.com/profile/PrymeTuttle879/Alexis-Ann-BeeMoon-Ferskenmis-Saralisa-Volm-SamanthaTapping-Savannah-Fox-Violet-And-Cobalt-Triciatreat-d
https://www.quora.com/profile/RodolfoTherrien965/Ninfetinha-Pink_Kandee-Foxyredhead-erica-ellyson-goddessanika10-misty-quinn-justine-ashley-tittyxtime-Ju
https://www.quora.com/profile/NikHuff514/missmisskitty1-Horny-Witch-Desi-Myers-JamieHart90-Miss-Exciter-Charityxxbaby-LatinHrnycpl-lil_sinful-lyl
https://www.quora.com/profile/LoriSchneider441/CollegePawg-lidia-santana-xxxliizzz-vanessa-hell-willowxfenn-caitlincummings-NuckingFuxNix-Cassiecrybby
https://www.quora.com/profile/RobertLeyba212/BellaSpanx-hehe426-secretpuppy-StarrySky99-HaleyJames-alison-star-masters_taste-the_kinkyk-J3N724-Ange
https://www.quora.com/profile/MackenzieSmith744/Cherise-Taylor-laceymayyy-Lilfrisk-GoddesSamariel-BellandZeke-Stacy-Lusted-luanna_green-Brittany-Blue-Al
https://www.quora.com/profile/BobCarlson565/Bratty-Aidyn-YukiRainb0w-DarkAngel26-smutgoblin-SweetSoles92-sexyfatass-Miss_wednesday-klarisa-leone-Kit
https://www.quora.com/profile/AngelRivera508/jamie-reams-Glow-Wurm-sexycyka-Julia-Hart-bimarley-1-Acac1a-scarlettwolfie-Andrea-Nobili-passion4nylons

#13 By 4240821 (103.152.17.80) at 10/31/2023 5:39:25 AM
https://app.socie.com.br/victoriavixenxxSuccubusChanz
https://app.socie.com.br/KimcamsTmptshnn
https://app.socie.com.br/SommerAndSamantaSavannahparker
https://app.socie.com.br/SubmissivehunSheGotIt909
https://app.socie.com.br/read-blog/98386
https://app.socie.com.br/Realbiancablu2EMYLLYBR
https://app.socie.com.br/read-blog/97141
https://app.socie.com.br/SummerCarterkyliesoft
https://app.socie.com.br/read-blog/97191
https://app.socie.com.br/read-blog/97207

#14 By 4240821 (103.151.103.150) at 10/31/2023 2:49:54 PM
https://app.socie.com.br/itsbambibaoRoachWitch
https://app.socie.com.br/read-blog/98543
https://app.socie.com.br/Reyna515RabbitIsABitch
https://app.socie.com.br/katjamiyatovichChocoSlimThick
https://app.socie.com.br/read-blog/97549
https://app.socie.com.br/Lovelyyybeautyytaissa_winkler
https://app.socie.com.br/read-blog/98268
https://app.socie.com.br/MikuOhashiAmberSunshine
https://app.socie.com.br/LilithKalliKinkikitti
https://app.socie.com.br/read-blog/97605

#15 By 4240821 (62.76.146.75) at 11/1/2023 9:46:20 AM
http://activewin.com/mac/comments.asp?ThreadIndex=6269&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=28091&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=26770&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=34108&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=69178&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=53779&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=15321&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=15140&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=18004&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=83821&Group=Last

#16 By 4240821 (2.57.151.31) at 11/2/2023 3:31:56 AM
http://activewin.com/mac/comments.asp?ThreadIndex=27363&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=20113&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=761&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=13205&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=58719&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=72502&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=84153&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=20973&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=38802&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=38111&Group=Last

#17 By 4240821 (212.193.138.10) at 11/3/2023 7:39:37 AM
http://activewin.com/mac/comments.asp?ThreadIndex=83739&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=76630&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=79267&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=75555&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=62766&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=83120&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=83285&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=16376&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=29700&Group=Last
http://activewin.com/mac/comments.asp?ThreadIndex=74582&Group=Last

#18 By 4240821 (109.94.216.41) at 11/5/2023 2:51:08 AM
https://hotslutss.bdsmlr.com/post/661240821
https://hotslutss.bdsmlr.com/post/654093532
https://hotslutss.bdsmlr.com/post/661666744
https://hotslutss.bdsmlr.com/post/650424634
https://hotslutss.bdsmlr.com/post/661360537
https://hotslutss.bdsmlr.com/post/664697636
https://hotslutss.bdsmlr.com/post/651524549
https://hotslutss.bdsmlr.com/post/658066794
https://hotslutss.bdsmlr.com/post/656249879
https://hotslutss.bdsmlr.com/post/650851221

#19 By 4240821 (92.119.163.194) at 11/6/2023 8:00:21 AM
https://printable-calendar.mn.co/members/19898272
https://printable-calendar.mn.co/members/19917161
https://printable-calendar.mn.co/members/19909957
https://printable-calendar.mn.co/members/19892666
https://printable-calendar.mn.co/members/19893125
https://printable-calendar.mn.co/members/19893753
https://printable-calendar.mn.co/members/19901743
https://printable-calendar.mn.co/members/19918709
https://printable-calendar.mn.co/members/19893809
https://printable-calendar.mn.co/members/19907734

#20 By 4240821 (62.76.146.75) at 11/8/2023 10:24:58 AM
https://www.hackerearth.com/@dingpencepe1984
https://www.hackerearth.com/@cedisnoli1971
https://www.hackerearth.com/@podoordece1971
https://www.hackerearth.com/@comphursangsy1985
https://www.hackerearth.com/@limpennredmu1976
https://www.hackerearth.com/@websrapsrabu1980
https://www.hackerearth.com/@wiigachanlo1977
https://www.hackerearth.com/@senannposmiln1989
https://www.hackerearth.com/@woprsustesol1972
https://www.hackerearth.com/@baythelzage1988

#21 By 4240821 (45.146.26.215) at 11/11/2023 1:30:39 AM
http://www.ttbizonline.com/pro/20231109110802
http://www.ttbizonline.com/pro/20231109195157
http://www.ttbizonline.com/pro/20231109192333
http://www.ttbizonline.com/pro/20231109162302
http://www.ttbizonline.com/pro/20231110000204
http://www.ttbizonline.com/pro/20231109210414
http://www.ttbizonline.com/pro/20231109074932
http://www.ttbizonline.com/pro/20231109105248
http://www.ttbizonline.com/pro/20231109174440
http://www.ttbizonline.com/pro/20231109102358

#22 By 4240821 (109.94.216.41) at 11/11/2023 5:42:22 PM
https://www.mddir.com/company/giselleveenstra-onlyfans-leak/
https://www.mddir.com/company/theagegapcouple-onlyfans-leak/
https://www.mddir.com/company/blondiewet-onlyfans-leak/
https://www.mddir.com/company/kenzilauren-clips4sale-leaked/
https://www.mddir.com/company/right_slut-patreon-leaked/
https://www.mddir.com/company/babypl4ything-patreon-leaked/
https://www.mddir.com/company/slup_noa-manyvids-leak/
https://www.mddir.com/company/auroramoon2020-onlyfans-leaked/
https://www.mddir.com/company/kenzilauren-clips4sale-leaked/
https://www.mddir.com/company/megumi-meguro-onlyfans-leaked/

#23 By 4240821 (194.190.178.141) at 11/12/2023 7:18:34 PM
https://instem.res.in/comment/reply/2557/720264
https://instem.res.in/comment/reply/2752/720440
https://instem.res.in/comment/reply/2557/720227
https://instem.res.in/comment/reply/2557/720249
https://instem.res.in/comment/reply/2475/720521
https://instem.res.in/comment/reply/2557/720249
https://instem.res.in/comment/reply/2557/720203
https://instem.res.in/comment/reply/3225/720467
https://instem.res.in/comment/reply/5405/720454
https://instem.res.in/comment/reply/2557/720274

#24 By 4240821 (45.146.26.215) at 11/14/2023 12:27:20 AM
https://telegra.ph/RocksyLight-Exposed-Onlyfans-Leak-12-29-2
https://hotslutss.bdsmlr.com/post/659540103
https://sexonly.top/get/b148/b148vvmynupcdaygrfu.php
https://sexonly.top/get/b277/b277dkntqrthmbvajjl.php
https://sexonly.top/get/b418/b418srliiimmdawznhj.php
https://sexonly.top/get/b362/b362mmutoslphjcapkw.php
https://sexonly.top/get/b41/b41sxfjcrgfgwqjpfl.php
https://sexonly.top/get/b566/b566lwcqmrjiigkxaan.php
https://telegra.ph/belledelphine-Nylons-Fansly-Leak-01-06
https://sexonly.top/get/b740/b740annqgxnwrrxfuok.php

#25 By 4240821 (62.76.153.10) at 11/14/2023 11:26:35 PM
https://telegra.ph/Christian-Charity-Sport-Patreon-Leak-12-26
https://sexonly.top/get/b216/b216wcgzcqafcrtungh.php
https://sexonly.top/get/b577/b577jiikvxdfcwffifo.php
https://sexonly.top/get/b193/b193bxpqyqrmfagydeg.php
https://sexonly.top/get/b826/b826yxgijfxhszytjcy.php
https://sexonly.top/get/b545/b545zlyjqfdowyigooi.php
https://sexonly.top/get/b500/b500kubyjmkcrodntqg.php
https://sexonly.top/get/b182/b182ukuhwbnwpbxmzrn.php
https://sexonly.top/get/b133/b133zouhrlsukccocol.php
https://sexonly.top/get/b918/b918nzukwegvswfsobv.php

Write Comment
Return to News
  Displaying 1 through 25 of 319
Last | Next
  The time now is 8:29:43 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *